[MXS-4145] Add support for multi-MaxScale usage. Created: 2022-05-23  Updated: 2022-06-27  Resolved: 2022-06-20

Status: Closed
Project: MariaDB MaxScale
Component/s: nosqlprotocol
Affects Version/s: None
Fix Version/s: 22.08.0

Type: New Feature
Priority: Major
Reporter: Johan Wikman
Assignee: Johan Wikman
Resolution: Fixed
Votes: 0
Labels: None

Epic Link: MongoDB Protocol Support
Sprint: MXS-SPRINT-159, MXS-SPRINT-160

Description

The authentication mechanisms used by NoSQL and MariaDB are sufficiently dissimilar that nosqlprotocol needs direct access to the SHA1 password of the client, to be able to log into MariaDB on behalf of it.

Currently, the SHA1 password is stored in a local sqlite3 database on the MaxScale host. This presents a problem when multiple MaxScale instances are used in front of the same database cluster, as a NoSQL user created via one MaxScale instance is not available on the other.

This problem can be solved by storing the SHA1 password in a table in the MariaDB server/cluster. That way, irrespective of which MaxScale instance a NoSQL user was created on, it would immediately also be available on the other.

As anyone with access to that table would be able to impersonate every user in that table, the SHA1 password should be encrypted using a key available only to the MaxScale instances, e.g. by specifying the encryption key in the MaxScale configuration file. That way, the setup would be just as secure/insecure as the current sqlite3 arrangement.
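The following is an added example, not MaxScale code and not part of the original issue. It shows why the stored SHA1 password is password-equivalent and therefore needs encryption at rest, assuming the backend login uses the mysql_native_password challenge-response scheme (the issue does not name the plugin); all function names are hypothetical.

```python
import hashlib
import hmac
import os


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def server_stored_hash(password: str) -> bytes:
    """What the database server keeps for the account: SHA1(SHA1(password))."""
    return sha1(sha1(password.encode()))


def client_token(sha1_password: bytes, scramble: bytes) -> bytes:
    """Auth response built from SHA1(password) alone; the cleartext is never needed.

    Assumption: mysql_native_password, token = SHA1(pw) XOR SHA1(scramble + SHA1(SHA1(pw))).
    """
    return xor(sha1_password, sha1(scramble + sha1(sha1_password)))


def server_verify(token: bytes, scramble: bytes, stored: bytes) -> bool:
    """Server side: recover SHA1(password) from the token and check its hash."""
    candidate = xor(token, sha1(scramble + stored))
    return hmac.compare_digest(sha1(candidate), stored)


def login_with(secret: bytes, scramble: bytes, stored: bytes) -> bool:
    """Attempt a login holding only `secret` in place of SHA1(password)."""
    return server_verify(client_token(secret, scramble), scramble, stored)


if __name__ == "__main__":
    password = "constructed-sample-password"   # constructed sample value
    stored = server_stored_hash(password)      # server-side account hash
    proxy_copy = sha1(password.encode())       # the value this issue wants shared
    scramble = os.urandom(20)                  # per-connection server challenge

    # The proxy's copy is enough to authenticate as the user.
    print("login with SHA1(password):      ", login_with(proxy_copy, scramble, stored))
    # The server's own double hash is not, so the shared table is more sensitive.
    print("login with SHA1(SHA1(password)):", login_with(stored, scramble, stored))
```

The second result is the reason the shared table is more sensitive than the server's own account table: the double hash there cannot be replayed, while the single SHA1 can.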

